How to speed up handshake times when using ECDHE (and/or ECDSA)

We have had some reports of low-end embedded systems taking 10-20 seconds to establish a TLS connection when generating a shared secret using the ECDH algorithm.

We wanted to remind our users of the fixed-point caching mechanism provided by wolfSSL. Users can enable fixed-point caching with the configure option --enable-fpecc or by defining FP_ECC in their settings. Users will also need to configure which lookup table (FP_LUT) to use and the number of entries (FP_ENTRIES).

FP_LUT: As a general rule, the larger the table, the more memory is needed, but the faster subsequent lookup operations will be.

FP_ENTRIES: The number of entries allowed in the cache.
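
The memory-versus-speed trade-off described for FP_LUT, shown as an added example (not wolfSSL code and not part of the original post): a comb-style lookup table for a fixed base point on a toy curve. The curve, the table width w (playing the role of the table-size setting) and every function name are assumptions constructed for this illustration; the curve is far too small for real use.

```c
#include <stdio.h>
/* Toy curve y^2 = x^3 + 2x + 2 over F_17, G = (5,1) of order 19 (constructed, not secure). */
enum { P = 17, NBITS = 6 };           /* field prime, scalar width used by the demo */
typedef struct { int x, y, inf; } pt;
static const pt G = {5, 1, 0}, INF = {0, 0, 1};
static int ops;                       /* point additions + doublings performed */
static int md(int v) { return ((v % P) + P) % P; }
static int inv(int v) { for (int i = 1; i < P; i++) if (md(v * i) == 1) return i; return 0; }
static pt add(pt a, pt b) {           /* affine addition; adding INF costs nothing */
    pt r = {0, 0, 0}; int l;
    if (a.inf || b.inf) return a.inf ? b : a;
    ops++;
    if (a.x == b.x && md(a.y + b.y) == 0) return INF;       /* a == -b */
    l = (a.x == b.x) ? md((3 * a.x * a.x + 2) * inv(2 * a.y)) : md((b.y - a.y) * inv(b.x - a.x));
    r.x = md(l * l - a.x - b.x); r.y = md(l * (a.x - r.x) - a.y);
    return r;
}
static pt mul_plain(int k) {          /* no table: left-to-right double-and-add */
    pt r = INF;
    for (int i = NBITS - 1; i >= 0; i--) { r = add(r, r); if ((k >> i) & 1) r = add(r, G); }
    return r;
}
/* Comb table of 2^w points: lut[b] = sum of 2^(j*d) * G over the set bits j of b. */
static void build_lut(pt *lut, int w) {
    int d = (NBITS + w - 1) / w; pt base = G;
    lut[0] = INF;
    for (int j = 0; j < w; j++) {
        for (int b = 0; b < (1 << j); b++) lut[(1 << j) + b] = add(lut[b], base);
        for (int i = 0; i < d; i++) base = add(base, base);  /* base = 2^((j+1)*d) * G */
    }
}
static pt mul_lut(const pt *lut, int w, int k) {   /* d doublings + d table lookups */
    int d = (NBITS + w - 1) / w; pt r = INF;
    for (int i = d - 1; i >= 0; i--) {
        int idx = 0;
        for (int j = 0; j < w; j++) idx |= ((k >> (i + j * d)) & 1) << j;
        r = add(add(r, r), lut[idx]);
    }
    return r;
}
static int cost(int w, int k, pt *out) {   /* ops needed for k*G; w = 0 means no table */
    pt lut[1 << NBITS];
    if (w) build_lut(lut, w);              /* one-time cost, not counted below */
    ops = 0; *out = w ? mul_lut(lut, w, k) : mul_plain(k);
    return ops;
}
int main(void) {
    pt r; int plain = cost(0, 63, &r), cached = cost(3, 63, &r);
    printf("63*G: %d point ops without a table, %d with an 8-entry table\n", plain, cached);
    return 0;
}
```

The table is built once per base point, which is why it pays off only when the same point is reused across handshakes.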

By default, if users are not using the autoconf system (i.e. ./configure --enable-fpecc), they can start by adding these to either wolfssl/wolfcrypt/settings.h or their own user_settings.h when defining WOLFSSL_USER_SETTINGS globally:

Users can pre-cache fixed points on a curve related to a specific private key prior to establishing a connection to speed up shared secret computation times. Below we have provided some sample code users might use to accomplish this “pre-caching”. Ideally this would be a function you would run on system start-up or initialization of your embedded device prior to establishing a connection:

If you have any questions on the above solution, please contact us anytime at support@wolfssl.com! If you have feedback or comments, please send a note to facts@wolfssl.com; we would love to hear from you!